Configure VPN Profiles

This is an Early AccessEarly Access (EA) features are opt-in features that you can try out in your org by asking Okta Support to enable them. Additionally, the Features page in the Okta Admin Console (Settings > Features) allows Super Admins to enable and disable some EA features themselves. feature. To enable it, please contact Okta Support.

Okta Mobility Management (OMMAn acronym for Okta Mobility Management. OMM enables you to manage your users' mobile devices, applications, and data. Your users enroll in the service and can then download and use managed apps from the Apps Store. Managed apps are typically work-related, such as Box or Expensify. As an administrator, you can remove managed apps and associated data from users' devices at any time. You can configure policies, such as data sharing controls, on any of your managed apps. See Configuring Okta Mobility Management for more information.) can provision password-based, device-wide VPN configurations directly to devices without requiring IT to duplicate infrastructures or implement application proxies and gateways. Okta uses the native VPN capabilities built into the mobile operating system to leverage existing VPN solutions and enable easy access to on-premises resources. ClosedNotes:.

  • The Devices menu is available to orgs that implement Okta Mobility Management (OMM).
  • Currently, this feature is available only for iOS devices.
  1. Go to Devices > VPN.
  2. Click Add Device VPN.
  3. Select a VPN clientEssentially, a client is anything that talks to the Okta service. Within the traditional client-server model, Okta is the server. The client might be an agent, an Okta mobile app, or a browser plugin. .

    Support Announcement: Apple no longer supports PPTP or Juniper VPN options on macOS Sierra. This is an Apple limitation. Although Okta maintains these options, we will not support them with bug fixes.

  1. Configure your VPN client as described in one of the following procedures:

​Once VPN configurations (profiles) and the respective VPN mobile apps are pushed to OMM-enrolled devices, users can sign in to VPN and work remotely.

Note: The way that VPN profiles are pushed depends on the VPN password settings you configured above:

  • Delegated Authentication: VPN profiles are pushed when users are enrolled.
  • User sets password: VPN profiles are pushed when users are enrolled, an app user is assigned, or a VPN app instance setting is changed.
  • Password is same as Okta: VPN profiles are pushed when the user logs on.